This repository was archived by the owner on Sep 11, 2023. It is now read-only.
This repository was archived by the owner on Sep 11, 2023. It is now read-only.
Add policy file awareness. #40
Description
What did you expect?
IDE plugin to be aware of settings in the .snyk file.
What did you experience?
Vulns reported in IDE, even though set to ignore or patch via .snyk settings.
Example .snyk file:
$ cat .snyk
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.14.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
SNYK-JS-LODASH-450202:
- tailwind > datasette > lodash:
reason: No patch available.
expires: '2020-07-20T12:57:58.123Z'
SNYK-JS-LODASH-73638:
- tailwind > datasette > lodash:
reason: No patch available.
expires: '2020-07-20T12:57:58.123Z'
SNYK-JS-LODASH-73639:
- tailwind > datasette > lodash:
reason: No patch available.
expires: '2020-07-20T12:57:58.123Z'
'snyk:lic:npm:commands-events:AGPL-3.0':
- tailwind > commands-events:
reason: None given
expires: '2020-07-20T12:57:58.123Z'
'snyk:lic:npm:tailwind:AGPL-3.0':
- tailwind:
reason: None given
expires: '2020-07-20T12:57:58.123Z'
# patches apply the minimum changes required to fix a vulnerability
patch:
SNYK-JS-LODASH-450202:
- tailwind > lodash:
patched: '2020-06-20T12:56:11.546Z'
- tailwind > lodash:
patched: '2020-06-20T12:56:11.546Z'
- tailwind > flaschenpost > lodash:
patched: '2020-06-20T12:56:11.546Z'
- tailwind > flaschenpost > lodash:
patched: '2020-06-20T12:56:11.546Z'
- tailwind > datasette > lodash:
patched: '2020-06-20T12:56:11.546Z'
- tailwind > datasette > lodash:
patched: '2020-06-20T12:56:11.546Z'
SNYK-JS-LODASH-567746:
- tailwind > lodash:
patched: '2020-06-20T12:56:11.546Z'
- tailwind > flaschenpost > lodash:
patched: '2020-06-20T12:56:11.546Z'
- tailwind > datasette > lodash:
patched: '2020-06-20T12:56:11.546Z'